claude-dash-admin
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill performs system-level operations including process monitoring (`ps aux`), directory size calculation (`du -sh`), and destructive file operations (`rm -rf`). These capabilities can be used to disrupt system services or delete user data if misused.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill triggers the execution of various local Python and Shell scripts (e.g., `archive-sessions.py`, `log-rotation.sh`, `start-watcher.sh`) located in the user's home directory. This constitutes execution of code external to the skill body, where the script content is unverified.
- [DATA_EXFILTRATION] (MEDIUM): The skill accesses sensitive directories (`~/.claude-dash/sessions/`, `~/.claude-dash/learning/`, `~/.claude-dash/config.json`) which contain user interaction history, individual preferences, and potentially sensitive configuration data. While no network exfiltration is observed, the exposure of these paths to an AI agent is a high-risk data access pattern.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection via the processing of untrusted local data.
  - Ingestion points: Files in `~/.claude-dash/logs/watcher-error.log` and `~/.claude-dash/sessions/` are read into the agent context.
  - Boundary markers: Absent; log content and session data are read directly without delimiters or warnings to ignore embedded instructions.
  - Capability inventory: The skill has broad capabilities including file deletion (`rm`), file copying (`cp`), and script execution (`python3`, `bash`).
  - Sanitization: No evidence of sanitization or validation of the content read from external logs or session files.
Audit Metadata